O'Reilly: Avoid Common Pitfalls in Greasemonkey
Nov 16, 2005, 05:30
(Other stories by Mark Pilgrim)
"Once upon a time, there was a security hole. (This is not your
standard fairy tale. Stay with me.) Greasemonkey's architecture has
changed substantially since it was first written. Version 0.3, the
first version to gain wide popularity, had a fundamental security
flaw: it trusted the remote page too much when it injected and
executed user scripts.
"Back in those days, Greasemonkey's injection mechanism was
simple, elegant--and wrong..."